[Gsmmap] Question regarding SnoopSnitch and Xgoldmon traces

Emanuel emanuel at srlabs.de
Mon Dec 19 16:06:07 CET 2016

Dear Pedro,

Indeed, Xgoldmon and SnoopSnitch are used on different baseband
hardware. However, the results you see here are not because of that, but
because of the way these two programs parse the available radio data. There
is no contradiction between Qualcomm and XGold (Intel/Infineon); the
SecurityModeCommand is always set to UEA1. We just do not monitor the
"RadioBearerReconfiguration" in SnoopSnitch, because we suspect that it
could create more battery drain and difficulty for the parser on
low-end devices. If new tests prove otherwise, we may consider adding
this measure in a future version of SnoopSnitch.

Thank you so much for reporting your concerns and findings.

Best Regards,
(Security Research Labs)

> Hello all,
> I've been playing with Xgoldmon for a long time on a Samsung S3 and S2,
> analyzing Spanish operators' UMTS traces. A few days ago, I had the
> opportunity to install SnoopSnitch on a Samsung A3 and activate the
> raw radio data and pcap files. The biggest surprise came from the use
> of the encryption algorithms, UEA0 and UEA1:
> - In the UMTS Xgoldmon traces, "SecurityModeCommand" messages always
> establish UEA1 as the ciphering algorithm, but after that, from
> time to time, a "RadioBearerSetup" or "RadioBearerReconfiguration"
> message establishes UEA0 as the new ciph. algorithm.
> - In the UMTS SnoopSnitch traces, I only see "SecurityModeCommand"
> messages, again always establishing UEA1 as the ciphering algorithm.
> While analyzing these results, I have doubts about the root cause of this
> difference: is it because of the two pieces of software I used or the two phones?
> I would like to share my conclusion with all of you, as I'm not sure
> how to explain that: I guess the two phones have a different baseband
> chip, so both the Xgoldmon and SnoopSnitch traces are valid and just show
> what really happens in the network.
> Thank all of you for your time, Pedro
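
The difference discussed in this thread, as an added example that is not part of the original messages and is not code from SnoopSnitch or Xgoldmon: the same message sequence is evaluated once by a monitor that parses only "SecurityModeCommand" and once by one that also parses the two radio bearer messages. The tuple format, the sample trace and all function names are assumptions made for illustration; a real trace needs an RRC decoder to produce such records.

```python
# Constructed, simplified records of decoded UMTS RRC messages:
# (time in seconds, message name, ciphering algorithm carried, or None).
TRACE = [
    (0.0, "SecurityModeCommand", "UEA1"),
    (2.1, "RadioBearerSetup", None),
    (9.4, "RadioBearerReconfiguration", "UEA0"),
    (15.0, "SecurityModeCommand", "UEA1"),
    (21.7, "RadioBearerSetup", "UEA0"),
    (30.2, "RadioBearerReconfiguration", "UEA1"),
]

# The two monitoring views described in the thread.
SMC_ONLY = {"SecurityModeCommand"}
ALL_CIPHER_MSGS = SMC_ONLY | {"RadioBearerSetup", "RadioBearerReconfiguration"}

STRENGTH = {"UEA0": 0, "UEA1": 1}  # UEA0 means no ciphering


def cipher_timeline(trace, monitored):
    """Algorithm changes visible to a monitor parsing only `monitored` types."""
    timeline, current = [], None
    for t, msg, alg in sorted(trace, key=lambda rec: rec[0]):
        if msg not in monitored or alg is None:
            continue  # message ignored by this monitor, or carries no cipher info
        if alg not in STRENGTH:
            raise ValueError(f"unknown ciphering algorithm: {alg!r}")
        if alg != current:
            timeline.append((t, msg, alg))
            current = alg
    return timeline


def downgrades(timeline):
    """Timeline entries where the algorithm is weaker than the previous one."""
    return [cur for prev, cur in zip(timeline, timeline[1:])
            if STRENGTH[cur[2]] < STRENGTH[prev[2]]]


def unciphered_seconds(timeline, end_time):
    """Total time spent on UEA0 between the first entry and `end_time`."""
    bounds = timeline[1:] + [(end_time, None, None)]
    return sum(nxt[0] - t for (t, _, alg), nxt in zip(timeline, bounds)
               if alg == "UEA0")


if __name__ == "__main__":
    for name, view in (("SMC only", SMC_ONLY), ("all messages", ALL_CIPHER_MSGS)):
        tl = cipher_timeline(TRACE, view)
        print(name, downgrades(tl), round(unciphered_seconds(tl, 35.0), 1))
```
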
